sequential-thinking
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface exists in `scripts/sequential_think.py`. The skill breaks a question into steps and then feeds the output (reasoning and conclusions) of one model call directly into the prompt of the next call.
  - Ingestion points: Untrusted data enters the context through the `chat()` function which returns model-generated text from OpenRouter.
  - Boundary markers: Absent. The content from prior steps is concatenated into the `context_str` variable and inserted into the `prompt` string without delimiters or instructions to ignore embedded commands.
  - Capability inventory: The script performs network operations (`requests.post`) to the OpenRouter API.
  - Sanitization: None. The `extract_conclusion` function only performs basic string splitting and does not filter for malicious instructions.
- [COMMAND_EXECUTION]: The `SKILL.md` file suggests running Python scripts using `{baseDir}` placeholders, which is a standard execution pattern for this environment.